KEYCLOAK-4178 Bad error message when kerberos provider unavailable

2017-01-09 16:56:58 +01:00 · 2017-01-09 16:56:58 +01:00 · 14669dfbc5
commit 14669dfbc5
parent 5cec0d4bef
2 changed files with 32 additions and 3 deletions
--- a/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/impl/KerberosUsernamePasswordAuthenticator.java
+++ b/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/impl/KerberosUsernamePasswordAuthenticator.java
@ -99,7 +99,12 @@ public class KerberosUsernamePasswordAuthenticator {
    }

    protected void checkKerberosServerAvailable(LoginException le) {
-        if (le.getMessage().contains("Port Unreachable")) {
+        String message = le.getMessage().toUpperCase();
+        if (message.contains("PORT UNREACHABLE") ||
+            message.contains("CANNOT LOCATE") ||
+            message.contains("CANNOT CONTACT") ||
+            message.contains("CANNOT FIND") ||
+            message.contains("UNKNOWN ERROR")) {
            throw new ModelException("Kerberos unreachable", le);
        }
    }
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/KerberosStandaloneTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/KerberosStandaloneTest.java
@ -25,9 +25,7 @@ import java.util.regex.Pattern;

 import javax.ws.rs.core.Response;

-import org.junit.After;
 import org.junit.Assert;
-import org.junit.Before;
 import org.junit.ClassRule;
 import org.junit.Test;
 import org.keycloak.common.constants.KerberosConstants;
@ -37,6 +35,7 @@ import org.keycloak.federation.kerberos.KerberosConfig;
 import org.keycloak.federation.kerberos.KerberosFederationProviderFactory;
 import org.keycloak.models.utils.ModelToRepresentation;
 import org.keycloak.representations.idm.ComponentRepresentation;
+import org.keycloak.representations.idm.UserRepresentation;
 import org.keycloak.storage.UserStorageProvider;
 import org.keycloak.storage.UserStorageProviderModel;
 import org.keycloak.testsuite.util.KerberosRule;
@ -158,4 +157,29 @@ public class KerberosStandaloneTest extends AbstractKerberosTest {
        testRealmResource().components().add(kerberosProvider);
    }

+
+    /**
+     * KEYCLOAK-4178
+     *
+     * Assert it's handled when kerberos realm is unreachable
+     *
+     * @throws Exception
+     */
+    @Test
+    public void handleUnknownKerberosRealm() throws Exception {
+        // Switch kerberos realm to "unavailable"
+        List<ComponentRepresentation> reps = testRealmResource().components().query("test", UserStorageProvider.class.getName());
+        org.keycloak.testsuite.Assert.assertEquals(1, reps.size());
+        ComponentRepresentation kerberosProvider = reps.get(0);
+        kerberosProvider.getConfig().putSingle(KerberosConstants.KERBEROS_REALM, "unavailable");
+        testRealmResource().components().component(kerberosProvider.getId()).update(kerberosProvider);
+
+        // Try register new user and assert it failed
+        UserRepresentation john = new UserRepresentation();
+        john.setUsername("john");
+        Response response = testRealmResource().users().create(john);
+        Assert.assertEquals(500, response.getStatus());
+        response.close();
+    }
+
 }